Release 3.21.0

Release 3.21.0

Author: dshelbyo

CHANGELOG.md

@@ -1,4 +1,17 @@
-## 3.20.1 (Unreleased)
+## 3.21.0 (Unreleased)
+
+### Added
+- Support for additional dbHomes/databases in a BM Db System
+- Support for tags in databases
+- Support for updates to database auto_backup_enabled
+- Support for provider service keys in Fast Connect Provider Services
+- Singular data sources for User, Group, File Storage Snapshot, Private IP and Virtual Cloud Network (VCN).
+- Support for authentication policy introduced in v3.18.0 is now generally available.
+
+### Fixed
+- Virtual Circuit update failures by handling default values
+- Importing `assign_public_ip` for Core vnic attachment
+
 ## 3.20.0 (March 27, 2019)
 
 ### Added
@@ -30,6 +43,7 @@
 - Support for updating the compartment on a Tag Namespace
 - Support for exadata io resource management config for DB system
 - Support `email` attribute for `oci_identity_user` resource
+- Support for authentication policy
 
 ### Fixed
 - Marked oci_identity_ui_password resource as not importable
@@ -41,7 +55,7 @@
 
 ### Added
 - Add singular Availability Domain data source with related example updates
-- Support for Monitoring service 
+- Support for Monitoring service
 - Adding ability to disable monitoring in instances
 - Adding support for Metrics-based Dynamic Auto-scaling
 - Support for listing and specifying Fault Domains in Database resources
@@ -56,7 +70,7 @@
 - Support for the tagging of applicable KMS resources
 
 ### Fixed
-- DNS Record now requires domain and rtype as mandatory arguments. Managing DNS record resources now requires DNS_RECORD* level policy entitlements instead of DNS_ZONE*. [Permissions List](https://docs.cloud.oracle.com/iaas/Content/Identity/Reference/dnspolicyreference.htm) 
+- DNS Record now requires domain and rtype as mandatory arguments. Managing DNS record resources now requires DNS_RECORD* level policy entitlements instead of DNS_ZONE*. [Permissions List](https://docs.cloud.oracle.com/iaas/Content/Identity/Reference/dnspolicyreference.htm)
 
 ## 3.15.0 (February 12, 2019)
 

examples/budget/main.tf

@@ -1,7 +1,7 @@
 // Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
 
 /*
- * This example shows how to use the budget resource.
+ * This example shows how to use the budget and alert rule resources.
  */
 
 variable "tenancy_ocid" {}
@@ -37,25 +37,24 @@ data "oci_budget_budget" "budget1" {
 }
 
 output "budget" {
-  value = <<EOF
-
-  amount = "${data.oci_budget_budget.budget1.amount}"
-  compartment_id = "${data.oci_budget_budget.budget1.compartment_id}"
-  reset_period = "${data.oci_budget_budget.budget1.reset_period}"
-  target_compartment_id = "${data.oci_budget_budget.budget1.target_compartment_id}"
-  description = "${data.oci_budget_budget.budget1.description}"
-  display_name = "${data.oci_budget_budget.budget1.display_name}"
-  alert_rule_count = "${data.oci_budget_budget.budget1.alert_rule_count}"
-  state = "${data.oci_budget_budget.budget1.state}"
-  time_created = "${data.oci_budget_budget.budget1.time_created}"
-  time_updated = "${data.oci_budget_budget.budget1.time_updated}"
-  version = "${data.oci_budget_budget.budget1.version}"
-EOF
-
-  # These values are not always present
-  //  actual_spend = "${data.oci_budget_budget.budget1.actual_spend}"
-  //  forecasted_spend = "${data.oci_budget_budget.budget1.forecasted_spend}"
-  //  time_spend_computed = "${data.oci_budget_budget.budget1.time_spend_computed}"
+  value = {
+    amount                = "${data.oci_budget_budget.budget1.amount}"
+    compartment_id        = "${data.oci_budget_budget.budget1.compartment_id}"
+    reset_period          = "${data.oci_budget_budget.budget1.reset_period}"
+    target_compartment_id = "${data.oci_budget_budget.budget1.target_compartment_id}"
+    description           = "${data.oci_budget_budget.budget1.description}"
+    display_name          = "${data.oci_budget_budget.budget1.display_name}"
+    alert_rule_count      = "${data.oci_budget_budget.budget1.alert_rule_count}"
+    state                 = "${data.oci_budget_budget.budget1.state}"
+    time_created          = "${data.oci_budget_budget.budget1.time_created}"
+    time_updated          = "${data.oci_budget_budget.budget1.time_updated}"
+    version               = "${data.oci_budget_budget.budget1.version}"
+
+    # These values are not always present
+    //    actual_spend        = "${data.oci_budget_budget.budget1.actual_spend}"
+    //    forecasted_spend    = "${data.oci_budget_budget.budget1.forecasted_spend}"
+    //    time_spend_computed = "${data.oci_budget_budget.budget1.time_spend_computed}"
+  }
 }
 
 data "oci_budget_budgets" "test_budgets" {
@@ -95,22 +94,21 @@ data "oci_budget_alert_rules" "test_alert_rules" {
 }
 
 output "alert_rule" {
-  value = <<EOF
-
-  budget_id = "${data.oci_budget_alert_rule.test_alert_rule.budget_id}"
-  recipients = "${data.oci_budget_alert_rule.test_alert_rule.recipients}"
-  description = "${data.oci_budget_alert_rule.test_alert_rule.description}"
-  display_name = "${data.oci_budget_alert_rule.test_alert_rule.display_name}"
-  message = "${data.oci_budget_alert_rule.test_alert_rule.message}"
-  recipients = "${data.oci_budget_alert_rule.test_alert_rule.recipients}"
-  state = "${data.oci_budget_alert_rule.test_alert_rule.state}"
-  threshold = "${data.oci_budget_alert_rule.test_alert_rule.threshold}"
-  threshold_type = "${data.oci_budget_alert_rule.test_alert_rule.threshold_type}"
-  time_created = "${data.oci_budget_alert_rule.test_alert_rule.time_created}"
-  time_updated = "${data.oci_budget_alert_rule.test_alert_rule.time_updated}"
-  type = "${data.oci_budget_alert_rule.test_alert_rule.type}"
-  version = "${data.oci_budget_alert_rule.test_alert_rule.version}"
-EOF
+  value = {
+    budget_id      = "${data.oci_budget_alert_rule.test_alert_rule.budget_id}"
+    recipients     = "${data.oci_budget_alert_rule.test_alert_rule.recipients}"
+    description    = "${data.oci_budget_alert_rule.test_alert_rule.description}"
+    display_name   = "${data.oci_budget_alert_rule.test_alert_rule.display_name}"
+    message        = "${data.oci_budget_alert_rule.test_alert_rule.message}"
+    recipients     = "${data.oci_budget_alert_rule.test_alert_rule.recipients}"
+    state          = "${data.oci_budget_alert_rule.test_alert_rule.state}"
+    threshold      = "${data.oci_budget_alert_rule.test_alert_rule.threshold}"
+    threshold_type = "${data.oci_budget_alert_rule.test_alert_rule.threshold_type}"
+    time_created   = "${data.oci_budget_alert_rule.test_alert_rule.time_created}"
+    time_updated   = "${data.oci_budget_alert_rule.test_alert_rule.time_updated}"
+    type           = "${data.oci_budget_alert_rule.test_alert_rule.type}"
+    version        = "${data.oci_budget_alert_rule.test_alert_rule.version}"
+  }
 }
 
 data "oci_budget_alert_rule" "test_alert_rule" {

examples/compute/instance/variables.tf

@@ -57,7 +57,7 @@ variable "tag_namespace_description" {
 }
 
 variable "tag_namespace_name" {
-  default = "exampletagns"
+  default = "testexamples-tag-namespace"
 }
 
 variable "volume_attachment_device" {

examples/compute/windows/README.md

@@ -28,30 +28,11 @@ This example contains Terraform configuration to provision a virtual machine in
 
 ## WinRM
 
--   While WinRM is enabled on the images, if you plan to use your own images, you need to configure it using following commands.
-
-```powershell
-  winrm quickconfig
-  Enable-PSRemoting
-
-  winrm set winrm/config/client/auth '@{Basic="true"}'
-  winrm set winrm/config/service/auth '@{Basic="true"}'
-  winrm set winrm/config/service '@{AllowUnencrypted="true"}'
-  winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
-  winrm set winrm/config '@{MaxTimeoutms="1800000"}'
-
-  netsh advfirewall firewall add rule name="WinRM HTTP" protocol=TCP dir=in profile=any localport=5985 remoteip=any localip=any action=allow
-  netsh advfirewall firewall add rule name="WinRM HTTPS" protocol=TCP dir=in profile=any localport=5986 remoteip=any localip=any action=allow
-
-  net stop winrm
-  sc.exe config winrm start=auto
-  net start winrm
-```
-
--   Strongly consider the security aspects of allowing unencrypted connections (HTTP). This example shows how to create a self-signed certificate using Cloudbase-Init to configure WinRM for HTTPS communication
--   Based on what ports you have configured for RDP and WinRM you want to setup the Security List for your VCN to allow those ports, this example covers these ports:
+-   WinRM is enabled by default on Oracle Cloud Infrastructure (OCI) published images. If you plan to use custom images, you may need to enable and configure WinRM on those images.
+-   This example uses a self-signed certificate created during Cloudbase-Init to configure WinRM for HTTPS communication. You may need to switch to using CA signed certificate before using WinRM in production.
+-   To learn more about using WinRM in OCI refer this [blog](https://blogs.oracle.com/cloud-infrastructure/windows-custom-startup-scripts-and-cloud-init-on-oracle-cloud-infrastructure) article.
+-   Ensure that the Security List for your VCN allows the ports configured for WinRM and/or RDP, for example:
     -   3389 - RDP
-    -   5985 - WinRM HTTP
     -   5986 - WinRM HTTPS
 
 ## Terraform
@@ -68,8 +49,8 @@ This example contains Terraform configuration to provision a virtual machine in
 -   The VM instance Cloud-Init metadata that is passed to LaunchInstanceDetails and then read over in VM is just Base64 encoded, you may want to transfer the new password in a more secure way or change it through another remote-exec that can run post Cloudbase-Init. Further, the example also has the passwords stored in the local state file.
     -   Refer Terraform recommendations for [Sensitive Data](https://www.terraform.io/docs/state/sensitive-data.html)
 -   The example covers running various Powershell commands, but for a more reliable solution, you may want to add enough retries and error reporting for setup resiliency
--   While setting up HTTP over BasicAuth is easy, it is not a recommended way to connecting to these VMs, consider using HTTPS by configuring WinRM HTTPS listener using your own certificate
--   If you are facing certificate based errors for WinRM HTTPS connection it is probably due to using the self-signed certificate using New-SelfSignedCertificate that WinRM does not find compatible in newer operating systems
+-   While setting up HTTP over BasicAuth is easy, it is not a recommended way to connecting to these VMs, consider using HTTPS by configuring WinRM HTTPS listener using a CA signed certificate instead.
+-   If you are facing certificate based errors for WinRM HTTPS connection it is probably due to using the self-signed certificate using `New-SelfSignedCertificate` that WinRM does not find compatible in newer operating systems
     -   Ideally you should use CA based certificate for configuring WinRM
     -   Alternatively, you can use this Ansible published script  [ConfigureRemotingForAnsible.ps1](https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1) to generate a legacy self-signed certificate and configure WinRM to use same.
         -   This entire script can be passed as an additional part in `template_cloudinit_config` to configure WinRM for HTTPS with a self-signed certificate. If you do so, remove the certificate based section from `cloudinit.ps1` in this example

examples/database/db_systems/resources.tf

@@ -18,6 +18,10 @@ resource "oci_database_db_system" "test_db_system" {
       db_backup_config {
         auto_backup_enabled = true
       }
+
+      freeform_tags = {
+        "Department" = "Finance"
+      }
     }
 
     db_version   = "${var.db_version}"
@@ -44,6 +48,31 @@ resource "oci_database_db_system" "test_db_system" {
   }
 }
 
+// The creation of an oci_database_db_system requires that it be created with exactly one oci_database_db_home. Therefore the first db home will have to be a property of the db system resource and any further db homes to be added to the db system will have to be added as first class resources using "oci_database_db_home".
+resource "oci_database_db_home" "test_db_home" {
+  db_system_id = "${oci_database_db_system.test_db_system.id}"
+
+  database {
+    admin_password = "${var.db_admin_password}"
+    db_name        = "${var.db_home_db_name}3"
+    character_set  = "${var.character_set}"
+    ncharacter_set = "${var.n_character_set}"
+    db_workload    = "${var.db_workload}"
+    pdb_name       = "${var.pdb_name}"
+
+    freeform_tags = {
+      "Department" = "Finance"
+    }
+
+    db_backup_config {
+      auto_backup_enabled = false
+    }
+  }
+
+  db_version   = "${var.db_version}"
+  display_name = "${var.db_home_display_name}"
+}
+
 resource "oci_database_backup" "test_backup" {
   depends_on   = ["oci_database_db_system.test_db_system"]
   database_id  = "${data.oci_database_databases.databases.databases.0.id}"

examples/database/db_systems/variables.tf

@@ -17,7 +17,7 @@ variable "availability_domain" {
 
 # DBSystem specific 
 variable "db_system_shape" {
-  default = "VM.Standard2.1"
+  default = "BM.DenseIO2.52"
 }
 
 variable "cpu_core_count" {
@@ -36,6 +36,10 @@ variable "db_name" {
   default = "aTFdb"
 }
 
+variable "db_home_db_name" {
+  default = "aTFdb2"
+}
+
 variable "db_version" {
   default = "12.1.0.2"
 }

examples/fast_connect/variables.tf

@@ -41,15 +41,15 @@ variable "virtual_circuit_display_name" {
 }
 
 variable "virtual_circuit_public_prefixes_cidr_block" {
-  default = "0.0.0.0/6"
+  default = "11.0.0.0/24"
 }
 
 variable "virtual_circuit_public_prefixes_cidr_block2" {
-  default = "206.209.218.0/25"
+  default = "11.0.1.0/24"
 }
 
 variable "virtual_circuit_public_prefixes_cidr_block3" {
-  default = "206.209.219.0/24"
+  default = "11.0.2.0/24"
 }
 
 variable "virtual_circuit_region" {

examples/identity/tags.tf

@@ -4,7 +4,7 @@ resource "oci_identity_tag_namespace" "tag-namespace1" {
   #Required
   compartment_id = "${var.tenancy_ocid}"
   description    = "Just a test"
-  name           = "exampletagns"
+  name           = "testexamples-tag-namespace"
 
   is_retired = false
 }

examples/monitoring/alarms/alarms.tf

@@ -106,7 +106,7 @@ variable "tag_namespace_description" {
 }
 
 variable "tag_namespace_name" {
-  default = "exampletagns"
+  default = "testexamples-tag-namespace"
 }
 
 provider "oci" {

examples/networking/service_gateway/service_gateway.tf

@@ -15,50 +15,26 @@ provider "oci" {
   region           = "${var.region}"
 }
 
-variable "vcn_cidr_block" {
-  default = "10.0.0.0/16"
-}
-
-variable "vcn_display_name" {
-  default = "displayName"
-}
-
-variable "vcn_dns_label" {
-  default = "dnslabel"
-}
-
-variable "service_gateway_display_name" {
-  default = "displayName2"
-}
-
-variable "service_gateway_state" {
-  default = "AVAILABLE"
-}
-
-variable "tcp_protocol" {
-  default = "6"
+data "oci_core_services" "test_services" {
+  filter {
+    name   = "name"
+    values = ["All .* Services In Oracle Services Network"]
+    regex  = true
+  }
 }
 
-variable "ssh_port" {
-  default = "22"
+output "services" {
+  value = ["${data.oci_core_services.test_services.services}"]
 }
 
 resource "oci_core_vcn" "test_vcn" {
   #Required
-  cidr_block     = "${var.vcn_cidr_block}"
+  cidr_block     = "10.0.0.0/16"
   compartment_id = "${var.compartment_ocid}"
 
   #Optional
-  display_name = "${var.vcn_display_name}"
-  dns_label    = "${var.vcn_dns_label}"
-}
-
-data "oci_core_services" "test_services" {
-  filter {
-    name   = "name"
-    values = [".*Object.*Storage"]
-    regex  = true
-  }
+  display_name = "testVcn"
+  dns_label    = "dnslabel"
 }
 
 resource "oci_core_service_gateway" "test_service_gateway" {
@@ -72,18 +48,22 @@ resource "oci_core_service_gateway" "test_service_gateway" {
   vcn_id = "${oci_core_vcn.test_vcn.id}"
 
   #Optional
-  display_name = "${var.service_gateway_display_name}"
+  display_name = "testServiceGateway"
 }
 
 data "oci_core_service_gateways" "test_service_gateways" {
   #Required
   compartment_id = "${var.compartment_ocid}"
 
   #Optional
-  state  = "${var.service_gateway_state}"
+  state  = "AVAILABLE"
   vcn_id = "${oci_core_vcn.test_vcn.id}"
 }
 
+output "service_gateways" {
+  value = ["${data.oci_core_service_gateways.test_service_gateways.service_gateways}"]
+}
+
 resource "oci_core_route_table" "test_route_table" {
   compartment_id = "${var.compartment_ocid}"
   vcn_id         = "${oci_core_vcn.test_vcn.id}"
@@ -108,12 +88,12 @@ resource "oci_core_security_list" "test_security_list" {
   }
 
   ingress_security_rules {
-    protocol = "${var.tcp_protocol}"
+    protocol = "6"
     source   = "0.0.0.0/0"
 
     tcp_options {
-      max = "${var.ssh_port}"
-      min = "${var.ssh_port}"
+      max = "22"
+      min = "22"
     }
   }
 }